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ABSTRACT 

This Thesis reviews the increasing need for security in 
a personal computer (PC) environment and proposes a new 
approach for securing PC applications at the application 
layer. The Relay Race Approach extends two standard 
approaches: data encryption and password access control at 
the main program level, to the subprogram level by the use 
of a special parameter, the "Baton". The applicability of 
this approach is demonstrated in an original Basic 
application and an existing Dbase IV application, 
representing both third generation language (3GL) and fourth 
generation language (4GL) environments. The Approach can 
add to overall network security in the PC LAN environment as 
well. The Approach is successful and proposed enhancements 


can strengthen the Approach. 
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I. INTRODUCTION 


The proliferation of information systems in virtually 
all areas of business and government has increased the 
importance of computer security issues. AS more people 
become computer literate, the risks of ill-intentioned 
individuals obtaining unauthorized access or violating the 
ticegqrity and validity of data grow. Potential solutions to 
computer security risks are varied and numerous because 
different types of computer hardware, operating systems, and 
application software have different security strengths and 
weaknesses. 

Different environments and applications require varying 
levels of security and security measures. Some environments 
need to target their security measures toward threats of 
accidental data corruption while others are primarily 
concerned with unauthorized access to sensitive information. 
Another computer security issue is system protection from 
viruses, worms, trojan horses, etc. 

Widespread use of personal computers and growth of end 
user computing have introduced myriad security concerns. 
Almost every personal computer user is likely to view virus 
Peoeection;, data backup, fEloppy disk control, and data 
encryption as primary computer security issues (Murray 1989, 


Stephenson 1989, Brown 1989). However, many personal 


computer security concerns for the most part remain largely 
unaddressed at this time (Pfleeger, 1989). Moreover, the 
growing population of knowledgeable personal computer users 
increases the numerical chances of security breaches 
involving personal computers. 

This research explores the unique security issues 
involving personal computers and proposes a new approach for 


securing personal computer applications and data. 


II. SECURITY IN PERSONAL COMPUTERS 


The use of personal computers, including microcomputers, 
office automation workstations and intelligent workstations, 
has spread substantially in recent years. Since the 
introduction of these systems, in the late 1970s, they have 
undergone far reaching changes and improvements which have 
brought them almost to the level of performance of large 
computers (Giladi and Zviran, 1989). Analysis of the 
development and characteristics of personal computers and 
large systems shows that the processing speed of present 
personal computers is equal or even superior to that of the 
main large systems that were in use during the late 1970s 
(e.g., IBM 370 series). 

The basic security problems for personal computers are 
the same as those for every other computing environment: 
applications require secrecy, integrity and availability 
applied to programs and data. However, security problems of 
personal computers are more serious than those of mainframes 
Or mini computers due to the lack of security tools and 
mechanisms. Many of the hardware and software facilities 
important in assuring security are inappropriate and 
unavailable in the personal computer environment. 

The security problem of personal computers is becoming 


even more meaningful as these machines are being integrated 


into computer networks. While many personal computers are 
being used in a stand-alone mode, others are being connected 
to networks as front-end terminals and processors, becoming 
a weak link in the network security chain. This problem 
becomes more crucial in the open system interconnection 
(OSI) environment. As the goal of an OSI environment is 
approached it becomes easier and more economical to connect 
computers and share resources. Logically, more PCs will be 
integrated into network systems. As a result, national 
organizations as well as users are becoming concerned with 
the vulnerability of personal computers (NCSC, 1985; NTISSC, 
1987; Post and Kievit, 1991). 

As the name implies, personal computers were initially 
envisioned as being used by one person. Simple physical 
security measures would supply the necessary measure of 
security. This single user view is evident in the design of 
the popular personal computer operating system, MS-DOS. In 
most organizations today however, PCs are not personally 
allocated (Gogan, 1991). In view of this, more security is 
sometimes required. There is a definite lack of tools to 
provide security for personal computers. 

As the popularity and power of personal computers grows, 
more people want and obtained access to them. Personal 
computers distribute computing power to virtually all 
physical locations within an organization, unlike large ; 
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machines. For the first time the computing power is not 
under the control of computer professionals. Persons 
responsible for mainframe or mini-computer security have 
limited control over how personal computers were being used 
within organizations. Generally, personal computer users 
lack the sensitivity toward computer security issues 
exhibited by mainframe and mini computer operators. The 
personal and organizational computer security mechanisms 
evident in large systems are not automatically in place for 


personal computers. 


A. HARDWARE 

The first IBM personal computer was built around the 
8088 processor. This processor had no protection scheme. 
All memory locations were open and unguarded. There were no 
privileged instructions available only t.o the operating 
system or trusted kernel. The newer 80286 and 80386 CPUs 
have stronger protection capabilities but the MS-DOS 
operating system is not capable of exploiting them (Post, 
1991; Pfleeger, 1989). 

Common hardware add-on security measures include 
physical security measures, security modules, and locks and 
keys. Each provides various degrees of security against 
certain types of threats while exhibiting weaknesses against 


others. 


Locking doors to rooms containing computers is effective 
but in most cases not feasible. Too often it is necessary 
to allow open access to a room containing the computer. 
Disconnecting and locking the computer’s keyboard in a desk 
drawer or cabinet provides good security without limiting 
access to an office space. Unfortunately, physical security 
measures limit access to all of the computer’s programs, not 
just the sensitive ones. This weakness can lead to under- 
use of computer assets. 

Security modules are expansion boards which plug into 
industry standard slots on personal computer motherboandeme. 
provide security. They usually perform in concert with 
software utilities. Security modules usually prevent 
booting from other than the fixed hard disk drive. This 
ensures that access control software stored on the fixed 
disk 1S run upon boot-up. Because the modules must plug 
into standard slots for compatibility reasons it would be 
easy for an intruder to locate and remove them. Many casual 
personal computer users possess sufficient knowledge to 
quickly open a computer’s case, identify specific expansion 
boards and remove the security module (Stephenson, 1989; 
Aarger aoe Se 

Key type locks coupled to power switches are oftenm@uwced 
in personal computers as security measures. These locks are 
an "all or nothing" device. Those who have a key have ; 
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access to all programs and data and those who do not have a 
key have access to nothing. They cannot provide universal 
access to public applications and provide security for 
private programs and data. Additionally, locking power 
switches can be defeated quite easily if the computer is 
housed ina standard case. Once the standard "easy access" 
case is opened, it is a simple matter to "hot wire" the 
Switch to defeat the lock. 

Hardware security solutions are enhanced when cases and 
fasteners are used which are non-standard and require 
special tools or keys for access or removal. Additionally, 
epoxy coatings are useful in protecting hardware items from 
tampering measures such as hot wiring switches. As with 
most security issues, using optimum combinations of security 
measures greatly enhances personal computer security 


effectiveness. 


3B: SOFTWARE 

Any computer system has, usually, two different types of 
software: an operating system and application programs. The 
operating system consists of the system programs, command 
interpreter, and utilities. The operating system is the 
focal point for exploring security issues. Application 


programs are those which accomplish processing desired by 


the computer user. Application programs make calls Gemeie. 
use, the operating system to accomplish lower level tasks. 
1. Operating Systems 

The operating system is the inner-most software 
layer of a computer system according to the "virtual 
machine" model (Tanenbaum, 1990). It accomplishes tasks for 
users and/or the application programs and shields them from 
complex hardware details. Transparent to users and 
applications, the function of the operating system is to 
present the user with the equivalent of an extended machine 
Or virtual machine that is easier to program than the 
underlying hardware. Its primary task is to keep track of 
resource usage, to grant resource requests and account for 
their usage, and to mediate conflicting requests from 
different programs and users (Tanenbaum, 1987). 

At their advent, personal computers were initially 
equipped with 4 KB of main memory. The operating system had 
to be small enough to be loaded into this small memory space 
and still leave room for an application program to run. The 
early developers of personal computers and their operating 
systems did not expect these machines to grow in popularity 
as they have. The operating system was written to provide 
compactness and functionality in a "personal" environment. 
This meant one user, one program at a time. Under MS-DOS, 
anyone with basic knowledge can access and/or change any 
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file or memory location. The current trend is toward 
personal computer power houses shared by several workers 
able to run several applications simultaneously utilizing up 
to 8 MB of main memory. With multiple users instead of the 
envisioned personal use, MS-DOS does not provide any measure 
of security. In examining MS-DOS it is clear that it has 
limitations which cripple its capability to grow into a 
full-fledged operating system capable of supporting and 
managing systems which are now in demand. 

MaS=DOS'’s mazor lamitation is that when conceived, it 
allotted only enough bits in its address format to access a 
maximum of 640 kilobytes of main memory directly. This 
limit remains in place today because of market pressures for 
downward compatibility. The most powerful applications 
programs tend to use most of the 640 kb of memory leaving 
only enough for the underlying operating system. To install 
security mechanisms in MS-DOS would undoubtedly reduce the 
memory space available for use by application programs to an 
even lower value. It seems that the market pressure for 
freeing up memory for applications is far greater than any 
pressure to add security functions to MS-DOS. 

Although most operating systems for large systems 
provide adequate security functions, MS-DOS continues to 
serve as the personal computer standard with virtually no 
security capability. Market pressure for compatibility and 
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maximum application space will defeat any move to retrofit 
MS-DOS with se@urity functionality. 
2. Utilities 


Utilities are separate system programs that 


accomplish tasks for users. Their normal function is system 
management. Since they are optional, commercial software 
programs are not written to use them. Utility programs are 


very important in security of personal computer systems. 
Because the operating system has no security capability, 
personal computer users often use utility programs to 
protect their data and programs. There are several 
different ways in which utility programs are commonly used 
for security in the personal computer environment. These 
include encryption of data, password hard disk drive locks 
with or without hardware locks, and disk residue 
eliminators. The best commercially available solutions 
include elements of all three (Stephenson, 1989). 
Encryption of data using utility programs provides 
excellent security of data. The application program can be 
run by intruders but the data they receive will be nonsense 
unless first decrypted. Encryption and decryption can be 
accomplished automatically using batch command files. There 
are two limitations which come to mind in using data 
encryption utilities. Data file encryption and decryption 
are disk intensive activities and consequently are very 
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slow. Additionally, simply securing the data does not keep 
intruders from running the application program. It simply 
keeps the intruder from understanding the data. In some 
cases it may be desirable to ensure intruders are unable to 
run the application program at all. 

Password hard disk drive boot locks are programs 
which require password authentication to boot and 
subsequently access the hard drive. They are fast, compact 
and work well against casual, novice intrusion attempts. 
Without hardware enhancements, Nowever, they can be bypassed 
if the intruder boots the computer from a bootable MS-DOS 
floppy (Stephenson, 1989). 

Additionally, access to even non-sensitive programs 
on the protected system requires password authentication. 
This limits the use of computer resources to trusted 
password holders only. In many cases it is desirable to 
secure only a portion of the functions the personal computer 
neltps perform . 

Other utilities rid secondary memory of residue. 
When files on personal computers are deleted their data 
remains. The operating system simply deletes the file from 
the directory, rendering it unlocatable. Intruders can read 
Or copy portions of the memory media in search of sensitive 
data. Simply deleting files does not protect the 
information. Utilities such as Norton’s wipe disk and wipe 
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file rewrite the disk or file entirely with meaningless 
data. This destroys all residue left from sensitive files. 

These types of utilities are often bundled with 
hardware which disallows booting from any disk except the 
one protected by the software. 

3. Applications 

Application programs are the outer layer of software 
in the virtual machine model. The application software is a 
program which interfaces with the user and ensures that the 
tasks the user wishes to accomplish are completed. The 
application program makes calls to the operating system to 
accomplish low level tasks in order for the application to 
accomplish tasks initiated by the user. The application 
software is shielded from hardware details by the operating 
system. 

The operating system, MS-DOS, provides no security 
capability and utilities leave possible back doors and 
require password access procedures for all applications. If 
application programs provide their own security capability 
only programs which require security would require passwords 
for access. Moreover, common back doors associated with 
security utility programs are closed to intruders when 
application programs contain protection schemes. 

Application programs that need no protection are not limited 
by running under a larger, hypothetical, security-capable 
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operating system which would use more of the 640 kb main 
memory than the unprotected MS-DOS. A minor drawback to 
applications providing their own protection is that the 
consequential increase in program size occurs in each 
secured application program. This 1S a minor drawback as 
the additional required disk storage space would small. The 
additional RAM would be required only by programs needing 
protection, thereby freeing maximum main memory for larger 


unprotected programs. 


C. DATA 

Two views of data security prevail: protection against 
inadvertent data loss and protection of unauthorized access 
to sensitive data. Inadvertent data loss is a problem of 
valuable, but not necessarily sensitive, data (Mensching and 
Adams, 1991). Procedures for precluding inadvertent data 
loss have been common knowledge since the personal 
computer’s inception and will not be addressed here. Since 
the operating system as described previously provides no 
built-in file protection measures, data file encryption must 
be used to secure data in personal computers. 

Utilities are commonly used to encrypt and decrypt data 
files to ensure protection of sensitive data. Some hardware 
add-on boards also possess the capability to automatically 


encrypt and decrypt data files. There are many different 


es 


algorithms to encrypt and decrypt data. Some of which are 
considered to be safer than others. The Data Encryption 
Standard (DES) is the most common one, initially developed 


for the U.S. government for use by the general public. 


D. PERSONNEL 

Sensitivity to security issues and an attitude of 
responsibility on the part of all users in a personal 
computer environment are necessary for other measures to 
succeed in providing security. Whereas mainframes and other 
large systems have separate locked rooms and expert 
operators shielding them, personal computers are vulnerably 
distributed throughout an organization. For instance, no 
security system can succeed if a user leaves the area while 
a sensitive application is running. No matter how strong 
the security system, it is useless unless personnel have a 
healthy attitude toward security and are sensitive to 


possible threats (Pfleeger, 1989). 
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III. THE RELAY RACE APPROACH 


A. INTRODUCTION 

In view of the personal computer operating system's 
inability to provide security and the limitations associated 
with security modules and utilities, it becomes worthwhile 
to explore new techniques for securing individual 
application programs. Three major threats to the security 
of an application can be countered, to include unauthorized 
execution of the main program, data disclosure and 
unauthorized execution of parts of the program by executing 
Subprograms directly. Traditional methods cover encryption 
of data files and securing main programs, while the Relay 
Race Approach extends protection to the subprogram level. 

1. Application Access Control 

Personal computers are often used by different 

individuals running different application programs (Gogan, 
1991). In most cases, all applications are stored on the 
same hard disk drive. Allowing access to certain programs 
by certain individuals while limiting access to valid users 
of other protected programs stored on the same disk 1s no 
trivial task in the PC environment. Since the MS-DOS 
operating system provides no security kernel, the solutions 
must be coded into the application programs. Each 


application program must check for access authorization and 


is 


take required measures to secure itself against intrusion. 
This is usually accomplished by an application-oriented 
Password checking scheme which protects the application at 
the main menu level. 
2. Data File Security 

Intrusion is usually for the purpose of achieving 
access to the system data. One intrusion technique is to 
bypass the application programs entirely and attempt to gain 
access to the system data files directly. An intruder could 
Simply browse the file or copy it for later examination at 
another computer. To overcome this problem, data files must 
be encrypted. 

3. Intra-application Controls 

The growth in application software capabilities and 
the consequent growth in size has dictated that applications 
be designed as a collection of programs. In such a scheme, 
a main program calls on subprograms to accomplish specific 
tasks in support of the system. The main program can be 
secured with a password-checking scheme to prevent its 
unauthorized execution. However, access to functions and 
data can sometimes be achieved by executing subprograms 
directly without the main program, as depicted in Figure 
3.1. To preclude this type of intrusion some method of 
ensuring that all subprograms are called by their proper 
calling programs or subprograms must be devised. The 
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Figure 3.1: Password and Encryption 
Spheres of Protection 


approach explored in this research will be called the relay 


race approach. 


B. IMPLEMENTATION CONCEPTS 

In order to counter the three threats three methods of 
protection are implemented in The Relay Race Approach. The 
first two measures are commonly used in the personal 
computer environment in an attempt to secure applications. 
One is basic password checking upon execution ensures user 
authorization, and the second employs automatic data 
encryption, decryption and deletion preclude theft of raw 
data files. However, to preclude program execution via an 
unprotected subprogram, all subprograms will check for a 
parameter which can only be valid if the subprogram was 
called via the main program as illustrated in Figure 3.2. 
This is a unique measure applied to individual application 
programs and it is from this third measure that the aseeeee 
receives its name. In much the same way relay racers must 
pass a baton or be disqualified, subprograms must receive a 
certain parameter and pass it to subsequent subprograms or 
the program execution will be halted by the security system. 

1. Password Storage and Management 

There are two methods of storing valid passwords to 

be used by the system to authenticate users: including valid 


passwords in program source code and storing valid passwords 
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in encrypted data files. Including passwords in source code 
provides simplicity and security but requires recompilation 
for each password change. Using encrypted data files 
containing valid passwords precludes requirement for source 
code dissemination to user/ administrator but requires 
thoughtful implementation to ensure security. An intruder 
could encrypt his/her own password file with a different key 
and replace the real password file with his/her version 
(same filename). In order to defeat this intrusion scheme 
the system must check to determine whether the password file 
is real or one planted by an intruder. The valid password 
file will contain a password to be checked against one in 
the compiled code. The intruder’s file would not work if it 
did not contain this file checking password. A combination 
of both encrypted data file and compiled password ensures 
security and precludes source code dissemination and 
recompilation for routine password changes. 
2. Baton and Baton Passing 

In order to ensure that subprograms are executed 
only when called by proper calling programs a global 
variable, or parameter, can be set upon password 
authentication and passed from the main program to the 
called subprograms. Subprograms can, in turn, pass the same 
parameter to any subprograms they call. Each subprogram can 
begin execution by checking this parameter before executing~- 
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further and halt processing if the parameter is invalid. 
This 1s analogous to a relay race at a track meet. Without 
the baton being properly passed and received the relay team 
cannot complete the race. 
3. Data File Encryption 

Two types of encrypted data files are required for 
the relay race baton scheme: password file and data storage 
files. The password file is decrypted, and the decrypted 
file is then read and deleted. The decryption process 
leaves the encrypted file intact so that when the system 
deletes the decrypted files, the original encrypted password 
file remains for use in future access attempts. Data 
storage files must be decrypted for reading and recrypted if 
new data is added or other changes are made. Once again all 
files decrypted during a process need to have the decrypted 
copy deleted as soon as possible after they are re- 


encrypted. 
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IV. APPLICATION IN A THIRD GENERATION LANGUAGE ENVIRONMENT 


A. ENVIRONMENT DESCRIPTION 

A simple test application was developed in compiled MS- 
BASIC. BASIC was chosen as the third generation language 
for a prototype due to its relatively low power and 
programmers’ wide exposure to it. If the relay race scheme 
can be implemented in BASIC, it is reasonable to assume that 
it is possible to implement it in any of the known third 


generation languages. 


B. APPLICATION DESCRIPTION 

The prototype application is a simple, menu-driven, 
maritime minefield planning program designed to minimize the 
necessity for accurate small scale plotting on geographic 
charts. The program has options to input planning data, 
calculate mine drop instructions, save instructions to disk, 
and print instructions. The application programs and data 
are protected using The Relay Race Approach. 

The MS-DOS directory presentation for the application is 
provided in Figure 4.1. BASRUN20.EXE is a runtime package 
required for applications compiled separately such as the 
minefield planning application. MFPLAN.EXE is the main 
program containing password checking code and opening menu. 


The remaining .EXE files are subprograms which accomplish 
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the application’s tasks. S$ED.MNQ and SED.NMQ are encrypted 


data and password files respectively. 










SED MNQ EG Ges = 19 = 9 1 20 











SED NMQ 128 2-10-91 6:57p 
BASRUN20 EXE 63046 6-25-85 4:42p 
MEF PLAN EXE 3415 5-19-91 ff Bas #0). 
MINECALC EXE 4615 5-19-91 7:56p 





MINEPRNT EXE 2503 5-19-91 7:57p 
MINESAVE EXE 2887 5-19-91 7:56p 
MLRETREV EXE 2279 5-19-91 7:57p 


Eigure 4.1: MS=DOS Directory presentation of 
the application 





The threat of intrusion via subprogram defeating the 
password authorization and data encryption without baton 
paessang 1s illustrated in a structure chart of an intrusion 
attempt (Figure 4.2). When unprotected, an intruder needs 
only to write a small BASIC program to call MLRETREV.EXE and 
MINEPRNT.EXE in order to gain access to the system’s 
sensitive data. By combining password checking, data 
encryption and the Relay Race Approach, this intrusion is 


thwarted (Figure 4.3). 


C. TRANSFORMING CONCEPTS TO CODE 
1. Handling Passwords and the Baton 
The first operation the scheme must accomplish is 
password checking. This operation is be accomplished as 


early as possible in the application. Figure 4.4 contains 
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Intruder.exe 


1 Call Miretrev.exe 
then call Minepmt.exe 






ay 
2 aN 
Miretrev.exe Mineprmt.exe 
Retrieves data Prints resulis 


from file 





Figure 4.2: Structure chart ilustrating 
how an intruder’s program could call 
subprograms and achicve data 
ACCESS. 
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Takes user inputs Retrieves data Appends output to 
and calculates froin file data file 
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ae | oe ave 


: Dats file | 
SEDIMINO | 


Figure 4.3: Structure chart of Mine - 
field Pianning Program 
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the required BASIC source code to handle passwords and 
password checking and initialize the security baton. Line 9 
allows the program to be recalled from subprograms without 
requesting a password each time the main menu appears. 

Lines 40, 50 and 60 blank the display screen for password 
entry, input password and return normal function to the 
display screen. Line 70 creates a decrypted copy of the 
valid password file and names it "PWORD.DAT". During the 
execution of the "RCRYPT" program, the user will be prompted 
to enter an encryptation key twice. Line 80 opens the 
PWORD.DAT file for input. Lines 90, 100, 110 initialize 
several variables to be used: N, a loop counter; FOUNDS, a 
flag indicating wether a password is found to be valid or 
not; and BATONS, the global variable or parameter passed to 
subprograms to verify that access authorization has been 
checked prior to subprogram execition. If the password file 
is found to be empty, line 120 will call the violation 
routine, (lines 220-290). Lines 140 and 150 input and check 
the first entry in the password file and ensure it is 
"scud". This defeats intruders who might plant their own 
encrypted password file in place of the original. If an 
imposter password file is detected the violation routine is 
run. Lines 160-200 are the password checking loop where the 
input password (PASSWORDS) is checked against each valid 
password in the file (VALIDPWORDS$(N)). If end of file (EOF) 
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moureacnea without a match the violation routine is run.- hae 


gemeacch, is found, dines 300-320 are run in order to cliose 


the password file, delete it and set the security baton 
(BATONS) valid. This allows subprograms to be called and 
run. The violation routine (lines 220-290) also closes and 
deletes the password file. Lines 240-260 provide a pause 
situation allowing displayed text message to be read by 
Lines 350 to 450 


users before continuing program execution. 


represent location of functioning non-security related 


application code. 
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9 IF BATONS = "VALID" then GOTO 330 
LOCAT Beis 10 
PRINT "Enter your password and press ENTER.” 
LOCATE 157585 
COLOR 
INPUT PASSWORDS 
COLOR =? 
SHELL "RECRYPT SED.NMQ PWORD.DAT" 
OPEN "PWORD.DAT" for INPUT as #1 
0 

FOUNDS bh) 

BATONS = "INVALID" 

IF EOF (1) GOTO 220 

INPUT# 1, FILECHKS 

IF FILECHKS = "scud" then GOTO 160 else GOTO 220 
Tf. BOR (1). Gone 220 

N=N+4+1 

INPUT#1, VALIDPWORDS (N) 

IF PASSWORDS = VALIDPWORDS(N) THEN FOUNDS = "T" | 
IF FOUNDS = "T" then GOTO 300 else GOTO 160 
hOGA hg an) 

PRINT "Security, violation! 

HOCATE, 197 16 

PRINT "Press any key to continue." 

AS = INKEYS 

IF AS = "" then 250 

CLOSE 1 

KILL "PWORD.DAT" 

GOTO 500 

CLOSE 1 

KILL "PWORD .DAT" 

BATONS = "VALID" 





| 500 END | 


Figure 4.4: Code required to check user’s password 
and set "baton" variable 
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2. Called Subprogram Requirements 

Subprograms require very little additional code to 
accomplish the relay race scheme. As the baton is passed by 
the COMMON mechanism (sharing variables and values among 
programs), a simple check of the security baton (BATONS) 
must be made before each program execution. If the value 
Bassead by this varaable is valid, execution continues. If 
the value passed by this variable is found to be invalid, it 
means that the subprogram was called without valid password 
authentication. A violation routine is run and the program 
is aborted. Required source code for subprograms is 


presented in Figure 4.5. 


OPTION BASE 1 

DIM YTD (10) ,TTD(10) 

COMMON BATONS, NAS, LAHS, IPLAD, IPLAM, IPLAS, LOHS, 
IPLOD, IPLOM, IPLOS, SPD, TRK,N, YTD () , TTD () 

IF BATONS = "VALID" GOTO 30 ELSE GOTO 60 
(PROGRAM 


HOCATE, 17,10 

PRINT "Security Violation!" 

LOCATE 19,10 

PRINT "Press any key to continue." 
100 AS = INKEYS 
Pej treAS = "" then 10 
120 END 





Figure 4.5: Code required in subprograms 
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3. Data Encryption, Decryption and Access Requirements 
a. Data Encryption Utility 

The encryption program used in this prototype 
is RCRYPT.COM, an MS-DOS utility. Many different data 
encryption utilities are available and most will work within 
this scheme. The application may need to be modified 
slightly depending on whether the encryption utility 
requires the key to be entered on the command line as a 
parameter or prompts the user for the key during execution. 
The RCRYPT.COM utility in the prototype prompts for the key 
during execution. 

b. Data File Manipulation 

This prototype uses one password file and one 
data file. A flat file of records is used because data for 
this application is small and response time is not a 
critical issue. AS shown in Figure 4.6 most of the: data 
manipulations focus on decrypting and reading data. One 
subprogram (MINESAVE) allows for appending data to the data 
file. This case requires decrypting the data file, 
appending new data to the file and re-encrypting the file. 
The source code required for this operation is presented in 


Figure 4.7. 
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MFPLAN (main program) 

- decrypts password file 
- reads password file 

- deletes password file 


MINECALC MINEPRNT 
- no data file = No data tile 
operations operations 


MLRETREV MINESAVE 

- decrypts data decrypts data 

- reads data appends data 

- deletes file encrypts data 
deletes file 





Figure 4.6: Description of data file manipulations 
for each of the programs in the Basic 
prototype application. 


40 PRINT "What name would you like to call the data?" 

50 INPUT NAS 

60 SHELL "RCRYPT SED.MNQ MINE.DAT" 

70 OPEN "MINE.DAT" for APPEND as #2 

80 WRITE #2,NA$,LAHS, IPLAD, IPLAM, IPLAS, LOH$, IPLOD, 
IPLOM, IPLOS, SPD, TRK,N 


90 FOR B= 1toN 

HOO WRITKR #2, YTD (SB) ,TTD(B) 

110 NEXT B 

120 CLOSE #2 

130 SHELL "RCRYPT MINE.DAT SED.MNOQ" 
Ok lbG “MINE: DAT" 





Figure 4.7: Code required for data file manipulation 
in MINESAVE subprogram 
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c. System Administration 

The application requires a system administrator 
to accomplish certain tasks. These tasks include steps to 
start the system, accomplishing data file housekeeping and 
changing passwords. Since it is not desirable to supply 
source code to all users, the application deliverables 
should include information indicating what the first entry 
in the password file needs to be. This entry should be 
unique or nearly unique among different copies of the 
application to preclude one systems administrator from 
intruding into another’s copy. For example, line 150 Figure 
4.4 character string "scud" (FILECHKS) should be identified 
as the required first entry in the password file and should 
be different for each copy of the application. To start the 
system the administrator should add his/her desired 
passwords, nine at most, to the required first entry, 
encrypt the file with the desired case sensitive key and the 
name "SED.NMQ" and delete the un-encrypted copy of the 
password file. 

The application should also include a data file 
with one set of test data included to preclude the system 
from attempting to decrypt and append to an empty file. A 
copy of this original data file should be maintained by the 
administrator and used for data housekeeping operations. 

The data file, like the password file, needs to be encrypted 


SZ 


and named in accordance with lines 130 and 70 of Figures 4.7 
and 4.4 respectively. 

Changing the passwords should be done regularly 
in any system and should be easy to accomplish so as not to 
discourage changes when needed. To change passwords, run 
RCRYPT.COM directly on the SED.NMQ file and edit the file 
with new passwords. The required first entry of the file 
should not be changed or the system will reject the new 
password file as bogus. Re-encryption of the password file 
using a new encryption key is needed. Changing the key each 


time passwords are changed maximizes security. 
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V. APPLICATION IN A FOURTH GENERATION LANGUAGE ENVIRONMENT 


A. ENVIRONMENT DESCRIPTION 

The Relay Race Approach was installed into a previously 
implemented DBaseIV database application. DBase was chosen 
because of its widespread familiarity and its non-procedural 
nature. If the approach could be easily grafted into an 
existing DBase IV generated application, it would be an 
effective approach for securing other existing applications. 

Fourth generation languages are often used in 
environments where end users build applications. Security 
may not be considered when users create applications. The 
Relay Race Approach shows promise as an efficient security 
measure for these existing end user applications. 

The DbaseIV application generator allows users or 
developers to create fully functional menu driven database 
applications with little or no coding. Database structures, 
forms, reports and queries are created uSing user friendly 
graphical interfaces and then are combined to work together 
by the application generator. The application generator 
generates source code with comments which is compiled into 
object code that can be run either in the DBase IV 


environment or with a run-time module. 
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B. APPLICATION DESCRIPTION 

The application is the user version of an automated dive 
log. It is used for users to enter SCUBA diving events, and 
query reports such as logs or qualification reports from the 
database. There is another version which accesses the same 
database which is used by the system administrator for 
marketing and other business and organizational functions. 

The application accesses four database files: DIVER.DBF, 
SITE.DBF, DIVE.DBF and QUAL.DBF. It uses one data entry 
form file, DIVEFORM.SCR. Two query (.QBE) files were 
Slightiy modified for use: JOIN1.PRG and QUALLIST.PRG. Two 
meecre titles were buzlt and used: LOG REPO.FPRM and 
QUALRPT.FRM. Finally, the application generator created two 
program files: DLUSER.PRG and USERBAR.PRG. 

Since the Relay Race Approach depends on passing 
parameters between programs, the structure of the 
application must be understood before the approach can be 
installed into an existing application. Since the source 
code was 95 percent generated by DbaseIV the application 
must be reverse engineered, yielding a structure chart 
needed for understanding. Figure 5.1 is the structure chart 
for the application. Only JOIN1.PRG and QUALLIST.PRG can 
access the data, so only procedures which can possibly call 


them need to have the additional source code installed. 
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jiaese are DLUSER and MPDEF in DLUSER.PRG file, ACTO3, ACTO4 


in USERBAR.PRG file, and JOIN1.PRG and QUALLIST.PRG files. 


C. TRANSFORMING CONCEPTS TO CODE 
1. Handling Passwords and the Baton 

Checking password validity is accomplished first and 
the code required for this was inserted into the main 
program, DLUSER.PRG. Figure 5.2 shows the additional source 
code inserted at the very beginning of the DLUSER.PRG file. 
The set color commands ensure that the password is not 
echoed to the screen when the user types their’s. In order 
to get the prompt "Enter Password" on the screen and not the 
password itself, the prompt and the acceptance of the value 
for variable "PWORD" had to be separated by the set color 
command. This is why the ACCEPT string 1S a space. Set 
color is used again to return the screen to normal. Since 
most Dbase IV users will have the capability to compile 
programs, the passwords were compiled rather than stored in 
an encrypted file. The logic in the IF / ELSE clause is 
such that if no password is entered, and the error message 
which occurs is "ignored" by the user, the program 
VIOLATIO.PRG will be run, not the rest of DLUSER.PRG. Dbase 
defaults to the first statement when an error is encountered 
in an IF/ELSE clause and the user selects "IGNORE" at the 


error prompt. VIOLATIO.PRG displays a violation message and 
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terminates the program. If the password is found to be 
valid the data files are decrypted. Since the baton in 
DBase can be a true parameter instead of a shared variable 
as was the case in BASIC, a variable does not need to be 
set. When a procedure is called it simply needs to be 
called with a value which will be checked by the called 
procedure. Figure 5.3 illustrates the correct syntax for 


calling programs and procedures with the parameter required. 


@3,3 SAY "Enter Password: " 

SET COLOR OF NORMAL TO B/B 

ACCEPT " " TO PWORD 

SET COLOR OF NORMAL TO W+/B 

IF (.NOT. PWORD="TIGRIS") .AND. (.NOT. PWORD="SCUD") 


.AND. (.NOT.PWORD="BAGDAD") 
DO VIOLATIO 
ELSE 
RUN PKUNZIP ADLDATA -sIRAQ 
“> Rest Ob Progranma. 





Figure 5.2: Code required for password checking in 
the main program for the Dive Log application. 


“x Calling Program Or erocedure ~* 
DO MPDEF WITH "GOOD" 





*x** Called Program or Procedure ** 

PARAMETER BATON 

ON ERROR CANCEL | 
IF .NOT. BATON = "GOOD" 


DO VIOLATIO 
ELSE 
**X Kestmon Program *~* 








Figure 5.3: Code required for calling subprograms 
and procedures with parameters. 
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2. Called Procedures or Subprograms Requirements 

Called subprograms or procedures which receive the 
security parameter BATON must contain the PARAMETERS 
statement as shown in Figure 5.3. It was discovered during 
testing that if an intruder attempted to call a subprogram 
or procedure directly without the required parameter, Dbase 
displays an error message displaying the (IF .NOT. BATON = 
"GOOD") line of source code and a prompt "PARAMETER NOT 
FOUND". This would give the intruder information required 
to successfully call the subprogram or procedure on his next 
attempt. The "ON ERROR CANCEL" line terminates program 
execution when any error occurs to remedy the situation. 
The IF/ELSE clause checks for the security baton and runs 
the violation procedure or the rest of the program 
mecoradingly. 

3. Data Encryption, Decryption and Administration. 

Since the application uses four different data files 
the PKZIP/PKUNZIP utility programs were selected for 
encryption and decryption of data files. It allows for 
compression and encryption of multiple files into one single 
file. As depicted in Figure 5.2 the encryption key "IRAQ" 
1s compiled into the program instead of being prompted from 
and entered by the user. 

The procedure ACT05 in the USERBAR.PRG file, (Figure 
5.1), is executed to exit the system. Data encryption and 
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residue housekeeping is accomplished here. The required 


code is shown in Figure 5.4 


RUN PAZIP ADLDATAPSsiieaee lh A© ==. DEF 





Figure 5.4: Code required for encrypting data files 
and removing the decrypted data files. 
The system administrator has only to periodically 
recompile the source code changing passwords and encryption 
keys. Access to the source code should be limited to 
trusted personnel only as it contains information which 


would greatly simplify intrusion. 
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VI. THE RELAY RACE APPROACH AND LOCAL AREA NETWORK SECURITY 


The explosion of personal computers in the workplace has 
led to the need for data communication and asset sharing 
among an organization’s Pcs. Local area networks (LANs) 
efficiently provide these attributes and are being utilized 


extensively today. 


A. ELEMENTS AND FUNCTIONALITY OF LANS 

LAN implementation includes installing LAN hardware 
expansion cards in the computers which are to be linked, 
linking the computers together using a cabling system, and 
installing a LAN operating system on the machines. One of 
the machines is designated as the server and the rest are 
clients. The full operating system resides on the server 
while only a shell or subset resides on each client. In 
popular PC LANs the network operating system still utilizes 
MS-DOS but provides added network functions. 

Communication between machines or nodes in a network 
involves multiple communication protocols. Each protocol 
level uses functions provided at lower levels by lower level 


Provcocols. 


B. SECURITY IN LANS 
Most LAN operating systems provide security functions 


capable of multi-level security of files and physical 
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devices. These measures combined with certain physical 
security measures involving the network server can protect 
assets against casual intrusion attempts. However, if 
physical access to the network server can be gained an 
intruder could attempt to load a different copy of the 
network operating system onto the server and give himself 
access to protected files and/or devices. Many LANs place 
printers and other periphrials along side the server and the 
server therefore cannot be physically isolated from the 


users or public. 


C. ENHANCING OVERALL LAN SECURITY 

Even though network operating systems oftem provide 
security features, the Relay Race Approach can significantly 
strengthen overall security. The Relay Race Approach 
provides efficient security at the application layer 
complementing security features implemented at the LAN 
operating system layer. For example, if an intruder were 
capable of accessing the LAN server, load a different copy 
of the LAN operating system and attempt to access a 
protected application, additional security provided by the 
Relay Race Approach would significantly hamper his attempts. 
The additional layer of security would most likely end the 
intruder’s attempt: at least for that session. 


Additionally, combining security measures implemented at the 
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LAN operating system layer with those at the application 
layer can reduce requirements for "armor plated" physical 
security measures such as heavy duty locks, doors or 
cabinets for the network server. 

Both prototype applications were installed on a LAN. 
Both executed as expected and illustrated feasibility of the 
Relay Race Approach as a security measure for applications 


running on LANs. 
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VII. CONCLUSIONS 


Personal computer security is an issue of increasing 
importance to computer professionals. It is valuable to 
explore efficient methods of providing or enhancing PC 
security. The Relay Race Approach provides or enhances 
security in the PC environment efficiently. The Approach 
can be strengthened using deceptive measures to thwart 
intrusions by all but those thoroughly familiar with the 


application source code. 


A. THE NEED 

The increased need for PC security is evident in view of 
several recent trends. First, PCs are being used in an 
increasing number of different business areas. These 
include those areas where sensitive processing is common. 
Secondly, more persons are becoming familiar enough with 
PC’s and MS-DOS to be considered capable of casual intrusion 
into marginally protected PC environments. Finally, the 
increase in public sensitivity to privacy of information 
issues dictates the need for increased security in areas 


once thought to be of a non-sensitive nature. 


B. REQUIRED ATTRIBUTES 
For these reasons an approach with the following 


attributes would be of significant value. It should be 
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eomeact, as application program Size is of great concern in 
the PC environment. The approach should be flexible or 
multi-leveled, that is, it should allow public access to 
some applications and limit access to other application(s) 
to only their specified set of authorized users. The 
approach should be easy to implement, even in existing 
applications. Increasing end-user application development 
makes this a valuable attribute. The Relay Race Approach 
exhibits these desired attributes and is strong enough to 
withstand casual attacks from intruders with strong 


knowledge of MS-DOS and PCs. 


C. POSSIBLE ENHANCEMENTS 

The relay approach depends on the premise that an 
intruder does not have access to the application source code 
and knowledge of how the approach was implemented in the 
application. There are two modifications which could 
enhance security just in case knowledge of the approach 
and/or application source code is compromised: unique 
application copies and deceptive and dynamic baton 
variables. Additionally, disk file residue eliminators 
could strengthen security. 

1. Unique Application Copies 

First, it would be important to make different 


copies of the application utilize unique or nearly unique 
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password files. This would be accomplished by compiling 
many versions of the program, each using a different first 
entry in the password file (the password file check 
variable). This would defeat an intruder who might have one 
copy of the application and attempt to insert his password 
file into another system and using it to gain access to the 
other system’s data. 

2. Deceptive and Dynamic Batons 

To further help deceive intruders who might gain 

access to the program source code, the "baton" may be 
concealed. Suppose in the Basic application the baton 
variable were "MINEDIST#" instead of "BATON" and was of type 
integer, Figure 4.4. This would slow a potential intruder’s 
conceptualization as he browses the source code in search of 
security hints. Additionally, dynamic batons can be 
employed. Such a baton variable can be set to valid 
indirectly through one or more intermediate variables which 
might appear to be accomplishing some arithmetic operations. 
The value given to the baton variable may also change often 
but retain some characteristic for the validity check. For 
instance, the baton could change value but retain even 
divisibility by 17 and the validity check would be designed 


to test for that. 
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3. Disk File Residue Eliminators 
Finally, using a filewipe type residue eliminating 
program instead of simple MS-DOS delete command in the 
application would provide an extra degree of security to 
counter random disk sector searches. 
The Relay Race Approach provides efficient, casual 
security for personal computer applications in today’s 


environment of increasing PC security Threats. 
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Appendix A: Source code for Minefield Pianning 
Application in BASIC. 


1 'MFPLAN.BAS - Prototype 2 4-21-91 of Relay Race Baton PC security system. 

3 OPMIGN BASE 4 

4 DIM YTD(10), TTD(10) 

5 COMMON 

SOS OE LARIEEAMIPLAS LOPS IPLODIFL ON 
7 DIM VALIDPWS(10) 

8CLS 

9 IF BATONS="VALID”" THEN GOTO 140 

18 LOCATE 13,10 

20 PRINT "Enter your password and press ENTER." 

2\ LOCAFE1S AS 

yes *“™"“BLACKEN SCREEN TO HIDE PASSWORD AS IT IS ENTEREDIe 
GET PASSWORD 

23 COESE 70 

24 INPUT PASSWORDS 

28 +S REStan 

SO pices 

25 SOLOR 7 

2/ SHELL “"RCRYPT SED.NMQ PWORD.DAT™' ““"*DECODE FILE @F Vewi= 
PASSWORDS AND CHECK USER'S FOR VALIDITY 

28 OPEN “PWORD.DAT" FOR INPUT AS #1 

30 N=0:FOUNDS="F": BATONS="INVALID" 

32 N=N+1 

3418 EOF) GOTO 50 

36 INPUT# 1, VALIDPWS(h) 

38 IF PASSWORDS=VALIDPWS(N) THEN FOUNDS="T" 

40 IF FOUNDS="T° THEN GOTO 60 ELSE GOTO 32 

50 |F FOUNDS="F" THEN CLS:LOCA7TE 17,10:PRINT "Your password ts invalid, 
access denied." 

Sila “**PAUS Ene 
READ MESSAGE 

52 LOCATE 19,10:PRINT "Press any key to continue.” 

54 AS=INKEYS:AIF AS="" THEN 54 


56 CLOSe NILE PWR Ade “CLOSE PASSWORD FILE & ERASEW® 
98 GOTO 2490 So lOr 

60 CLOSE 1:KILL "PWORD. DAT" 

62 BATONS="VALID"' “e*BUILD BATON 

80 CLS | 


90 LOCATE 5,5:PRINT "Welcome to Minefield Planning. A simple Basic program to” 
100 LOCATE 6,5:PRINT “assist in planning air deployed minefields. Given IP lat” 
410 LOCATE 7,5:PRINT “and long, hole lat & long's, track, speed and trajectory" 
120 LOCATE 8,5:PRINT "the program will calculate and securely store and/or " 

130 LOCATE 9,5:PRINT “print time to drop and distance to drop." 

140 LOCATE 71,10:PRINT "MAIN MENU" 

456 LOCATE 13.5:PRINT “4 - Enter new data and calculate drops” 

155 LOCATE 14,5:PRINT "2 - Retrieve previously stored solution from disk" 
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160 LOCATE 15,5:PRINT "3 - Print data from earlier calculated or retrevec line” 

165 LOCATE 16,5:PRINT "4 - Save current mineline calculations to disk’ 

170 LOCATE 17,5:PRINT "5- EXIT SYSTEM" 

80 LOCATE 19,10:PRINT "Enter your choice” 

m0 INPUT CHS 

00 IF CHS="1" THEN CHAIN "MINECALC” ELSE IF CHS="2" THEN CHAIN | 
MULRETREV" ELSE IF CHS$="3" THEN CHAIN "MINEPRNT" ELSE IF CH$="4" THEN 
SHAIN "MINESAVE” ELSE IF CHS="5" THEN GOTO 240 

210 CLS 

90 LOCATE 10,10:PRINT "ERROR! choose 1, 2,3,4 OR 3° 

230 goto 80 

240 CLS: END 


| 'MINECALC.BAS 
3 OPTION BASE 4 
} DIM YTD(10}, TT DG 9} 
> COMMON 
BATONS, NAS,LAHS,|PLAD,IPLAM,IPLAS,LOHS,IPLOD,IPLOM,IPLOS,SPD,TRA,N,YT 
d), TT DO 
7 DIM HLAD(10),KLAM(10), HLAS(1O), 
LOD (10) HLOM(10), HLOS(10), HLAMX(10), HLA(70) 
} DIM 
4LOMX(1 0), HLO(10).NSDIFF(10), EWDIFF(16), NSYDS(70),EWYDS(10), TOTYDS(10} 
1 DIM TOTYDSCHK(10) 
CLS 
0 IF BATONS = "VALID" GOTO 33 ELSE GOTO 1065 
10 cls: LOCATE 2,5:PRINT "Enter Data Below Prompts.” 
IO LOCATE 4,5:PRINT "Is |.P. Lathude N or S? (CAPITALS) INPUT LAHS 
O LOCATE 5,5:PRINT "Degrees":LOCATE 5,15:PRINT "Minutes 
2 LOCATE 5,25:PRINT "Seconds" 
O LOCATE 6,5:NPUT IPLAD:LOCATE 6,15 
M1 IPLADR«IPLAD’S.141593/1 86 
B INPUT IPLAM: LOCATE 6,25:INPUT IPLAS 
0 LOCATE &,5:PRINT “is |. P. Longitude E or W? (CAPITALS)"INPBUT LOHS 
ee 9. 5:INPUT |IPLOD:LOCATE $,15:INPUT IPLOM:LOCATE 9,25:INPUT 
> 
Se LOCATE 11,5 
2 PRINT “Enter true track from |.P. to holes in 3 digits(001 -350).” 
4 INPUT TRK 
m TRKReTRK*S.141593/180 
00 LOCATE 13,5:PRINT "Enter groundspeed in knots.": INPUT SPD 
10 LOCATE 14,5 
12 PRINT “Enter weapon trajectory in yards for your speed and altitude (from 
AACREFMAN)." 
14 INPUT TRAJ 
4 .. 18,5:PRINT “Enter number of mines in this line."INPUT N 
L 
30 IPLAMX = IPLAM + (IPLAS/60} 
31 IPLA = IPLAD + (IPLAM™/60) 
S2 IPLOMX = IPLOM + (IPLOS/60) 
33 IPLO = IPLOD + (IPLOMX/60) 


134 IF (LAHS="N") AND (LOHS="W") GOTO 140 ELSE GOTO 372 
140 FOR l= 1 toN 

150 LOCATE 2,20:PRINT "Hole ";! 

1600 L@@ eed 5 

162 PRINT “Latitude: Deg Min Sec Longitude: Deg Min Sec" 
165 B=4+| 

170 LOCATE B,15:INPUT HLAD(I) 

171 LOCATE B,21:INPUT HLAM() 

172 LOCATE B,27:INPUT HLAS() 

173 LOCATE B,44: INPUT HLOD()) 

174 LOCATE B,50:INPUT HLOM (I) 

175 LOCATE B,56:INPUT HLOS(I) 

250 HLAMX(I) = HLAM(I) + (HLAS(1)/60) 

260 HLA(I) = HLAD(I) + (HLAMX(1)/60) 

270 HLOMX(1) = HLOM(I) + (HLOS(1)/60) 
280 HALO) = HLOD(I) + (HLOMX(1)/60) 

290 NSDIFF(I) = HLA() - IPLA 

300 EWDIFF(I) = IPLO - HLO{)) 

310 NSYDS() = NSDIFF(I) * 2020 * 60 

320 EWYDS() = EWDIFF() ~ 2020 * 60 * COSUPEADR) 
325 IF ((TRK>85)ANDIT RK<95))OR((TRK>265)AND(TRK<275)) THEN 340 
330 TOY Daip)e (NSY US(/(Ces Gaia) 
S55 a@lO 350 

340 TOTYDS(!) = (EWYDS())Y/(SIN(TRKR)} 
350 YTD(i) = TOTYDS() - TRAJ 

360 TTD) = ((YTD()/2020)/SPD}* 60)* 60) 
3/70 NEXT | 

2/1 GOTO beau 

372 PRINT "NE, SW AND SE HEMISPHERE PROBLEMS ARE NOT IMPLEMENTED 
AT THIS TIME.” 

374 cls:GOTO 1070 

820 CLS 

830 LOCATE 2,2:PRINT "IP" 

831 LOCATE 2 17 PA eh ace 

832 LOCATE 2,25:PRINT "Speec" 

635 LOCA] 23a CeIn yaldsiomion: 
834 LOCATE 2,49:PRINT "Time to drop” 

840 LOCATE 4,2:PRINT LAHS 

841 LOCATE 4,4:PRINT IPLAD 

842 LOCATE 4,7:PRINT IPLAM 

843 LOCATE 4,10:PRINT IPLAS 

844 LOCATE 4,17:PRINT TRK 

845 LOCATE 4,25:PRINT SPD 

846 locate 5,2:print LOHS 

847 locate 5,4:print IPLOD 

848 locate 5,8:print IPLOM 

849 locaie 5,11:print IPLOS 

850 FOR K=1toN 

860 L=3+K 

870 LOCATE L,33:PRINT YTD(K) 

872 LOCATE L.49:PRINT TTD(K) 

880 NEXT K 


90 


90 LOCATE 18,10:PRINT "Press any key to continue." 

90 BS=INKEYS:IF BS="" THEN 900 

10 CHAIN "MFPLAN" 

965 cls:locate 10,10:print "Security Violation, Access Denied.’ 
066 locate 11,10:print "press any key to continue." 

067 2$=inkey$:ii z$="" then 1067 

070 cls: END 


'MINEPRNT.BAS - print module for minefield planning program. 

OPTION BASE 1 

DIM YTD(10), TTD(10) 

COMMON 

ATONS,NAS,LAHS, IPLAD,IPLAM,IPLAS,LOHS,IPLOD,IPLOM,IPLOS,SPD,TRK,N,YT 


0 IF BATONS="VALID" GOTO 40 ELSE GOTO 250 

PLPARINT "":LPRINT "" 

5 LPRINT , "UNCLASSIFIED": LPRINT °° 

O LPRINT ,” Minefiela Pianning Report’ 

O LPRINT ,,"for" NAS 

» LPRINT** 

O LPRINT “initial Position:” 

OD LPRINT LAHS "" IPLAD "-" IPLAM *-"IPLAS " " LOHS "" IPLOD "-” IPLOM *-" 
LOS 

BLPRINT °" 

BO LPRINT “True Track: "TRK" “"Arcraft Groundspeed: " SPD 
1O LPRINT ”* 

15 LPRINT “Hole #","Time to Drop:"."Distance to Drop:" 

me LPRINT ,(seconds)”,"(ards)” 

20 FOR K=1 TON 

fo LPRINT K,TT DK), YTO(RK) 

40 NEXT 

me iLPRINT"" 

> LPRINT .“UNCLASSIFIED’ 

90 CHAIN "MFPLAN" 

90 CLS: LOCATE 10,10:PRINT "Security Violation, Access Denied." 
90 LOCATE 11,10:PRINT "press any key to continue’ 

10 aS=inkeyS:if gS="" then 270 

30 cls:end 


'MINESAVE.BAS 

OPTION BASE 1 

Di YTD(49), 11 D(10} 

COMMON 

ATONS,NAS,LAHS, IPLAD, IPLAM ,IPLAS,LOHS,|IPLOD,IPLOM,!PLOS,SPD,TRK,N,YT 


(), TTDQ) 

& TONS="VALID" THEN GOTO 40 ELSE GOTO 140 

2 LOCATE 2.2:PRINT "When this prooram stores a file it does not store the” 
3 locate 3,2:print “trajectory or the hole lat/long. Therefore no classified” 
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24 locate 4,2:print "data is stored or can be derived from the file as long as" 

25 locate 5,2:print "the minefield is an exercise field and not a real operational one.” 

26 LOCATE 7,5:PRINT "Do you wish to store this data in the file? (y or n) ° 

27 INPUT ANS 

te a OR ANS="y" GOTO 40 ELSE IF ANS="N" OR ANS="n" GOTO 130 ELSE 
Vi@ ss 

31 LOCATE 10,5:PRINT "Error choose y or n." 

32 LOCATE 12,5:PRINT "Press any key to continue." 

33 BS=INKEY$:IF BS="" THEN 33 

34 GOTO 21 

40 LOCATE 5,5:PRINT "What name would you like to store the data under?" 

45 locate 6,8:print "(all lower case and remember it please)” 

50 INPUT NAS 

60 SHELL "RCRYPT SED.MNQ MINE. DAT" 

70 OPEN "MINE.DAT" FOR APPEND AS #2 

80 WRITE #2,NAS,LAHS,IPLAD,IPLAM,IPLAS,LOH$,IPLOD,IPLOM,IPLOS,SPD,TRK,h 

81 FOR B=1 TON 

82 WAITE #2,YTD(B), TT D(B) 

83 NEXT B 

90 CLOSE #2 

106 SHELL "RCRYPT MINE.DAT SED.MNQ" 

110 KILL *MINE.DAT" 

130 CHAIN "MFPLAN" 

140 CLS:LOCATE 10,10:PRINT “Security Violation, access denied.” 

150 LOCATE 11,10:PRINT "Press any key to continue." 

160 pS=inkeyS:if p$="" then 160 

179 CES END 


1 'MLRETREV.BAS 

3 OPTION BASE 1 

4 DIM YTD(10}, TT D(10) 

> COMMON 
BATONS,NAS,LAHS,IPLAD,IPLAM,IPLAS,LOHS,IPLOD,IPLOM,IPLOS,SPD,TRK,N,YT 
D(), TI D() 

20 CLS 

30 IF BATONS="VALID" THEN GOTO 40 ELSE GOTO 160 

40 LOCATE 5,5:PRINT "Enter the name you stored desired data under. (lower case 
please)" 

50 INPUT NMS 

60 SHELL "RCRYPT SED.MNO MINE.DAT" 

70 OPEN "MINE.DAT” FOR INPUT AS #3 

80 IF EOF(3) THEN CLOSE #3:PRINT " NOT FOUND":KILL "MINE.DAT":GOTO 150 
90 INPUT #3,NAS 

110 IF NAS=NM$ THEN GOTO 120 ELSE GOTO 80 

120 INPUT #3,LAHS,IPLAD,IPLAM,IPLAS,LOHS,IPLOD,IPLOM,IPLOS,SPD,TRK,N 
121 FOR C=1 TON j 
122 INPUT #3,YTD(C), TTD(C) 

123 NEXT C 

130 CLOSE #3:KILL "MINE.DAT” 

1560 CHAIN "MFPLAN" 

160 CLS:LOCATE 10,10:PRINT “Security Violation, access denied.” 


02 


70 LOCATE 711,10:PRINT "Press any key to continue." 
80 sS=inkeyS:if sS="" then 180 
90 cls:end 
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Appendix B: 


Source code for Dive Log Application in Dbase [V 


BRIER IKERKEIAEKE KEKE KERR EE KKK KAKA EKER KEKE KEKKKERKKEFKEKRKEKRKEERKEREKKEREKRE 


* PrG eam... ol Woe ne 

TAO Tiger cae This is an APPLICATION OBJECT. 

* Date.........: 8-04-91 

* Notiec....... Type information here or greetings to your users. 


* Generated by.: APGEN version 1.3 
* Deseniption..: user application of dive log database. 


* Description..: Main routine for menu system 
HARRI IKEA A KAAS Pe tk HK HB Re Fe KIMI PFI KH IKKE RIKER KH M KEI MERKEKEEEI KAI KKE KEK 


ADDED CODE FOR SECURITY MODULE 
G13 Seyi Enter Passworl: — 
SET COLOR OF NORMAL TO B/B 
ACCEPI TO rwWORD 
SET COLOR OF NORMAL TO W+/B 
IF (NOT. PWORD="TIGRIS"). AND..NOT. PWORD="SCUD ).AND.CNOT. 
PWORD="BAGDAD") 
DO VIOLATIO 
ERs 
RUN pkunzip adidata -sIRAQ 


KHER A PE FEF. POS PEM Pe HPs EK 


tee Setup environment 
SE? CONSOLE OFF 
Teoh Enea pier ye" 
CLEAR WINDOWS 
CLEAR ALL 
GLOSEZALL 
CLOSE PROCEDURE 
gn_ApGen-~ I 
ESE 
gen_ApGen=¢gn_ApGen+ } 
lf en ApGen > 4 
Do Pause WITH “Maximum level of Application nesting exceeded.” 
RETURN 
ENDIF 
PRIVATE gn_oldsize 
gn_oldsize=gn_sersize 
PRIVATE gc_bell, ge_carry, ge_clock, gc_century, ge_confirm, ge_deli,; 
gc_safety, gc_status, ge_score, ge_talk, ge_key, ec_prognum,; 
ge_quit, gc_color, ge_display, g!_color, gl_batch, gn_scrsize 
ENDIF 
*__ Store some Sets to variables 
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—— 

+ 

4 

ad 

~£3 

Sed 

cy 

C. mn 

wa ud 

ts tal 

UM i 

cs €53 

ue of3 

ca 
ey 

— >» 

“a~ bal 
a | 

t- -_—~ 

~~ = 

CF tal 

c ca 

os 

me pe 

ca, uJ 
in 


F 


ca 


DEFINE WIN 


ACTIVATE WINSCH ge repert 


@ 0,1 SAY "Incre 


é 


ta 
z 
~| 


1 SAY “Press any key ...* 


r+ 
& 


repo! 


RELEASE WINOCW on 


RETURN 


NOTE 
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ON ESCAPE D2 Prnabcr: 
SET TALK SFF 


wv 


q] widow=.7. 


bo current 


+ 
-_ 
‘wt 


th gr 


cate 


Oroce 


{ 


a 
! 


r esuel 


ELSE 


cnh_etjine DO Pofcot 


CN PABE AT LINE g 


ENDIF 


DO Pohead 


bb first physical page started 





oO 
co 


LE Soop when escape 15 


' 
! 
e 


Pope 2g1 ih aH 


S 
= 
5 
. 


q 
hater 


i ae 
C 


} 
a 
o 
a 


QURE F: 


4 


AMS 
Prnab 


i 


7, 


Figi plain,’’ , “Fage No.” ) AT 0,3 


F ¢l sugsary 
‘(gi plain, 


m- Petar) 
Set flac to 
EDURE Fghea 


intro 
ASE 
KIN 
RN 
IRN 

Pp 


LORE ec oon a 


P 


no} 


ta 


Ne Joc for® Al 


FA2be FING Le Ne a oe ce: 
a i) | Cee ween ae 
Pa@e wPUNG 7 Uist 4) oe 


ee | 


{-- Print BEARING pecaceter ie. RErSs) PoResrags YEARLING <expe 
TE NDE Gy chlat ans Coe) eae, 


Scheedina ph NG CN cleat tee, 


cf oe paenine Neorgor |} 
yy 2 _ Means J LS ME Ou 


_ 


7) Sate Al aN. 
"Site name cr 


hit eh See 


Atowe At a5: 
Qenth ene. 


UE es OS Pee Pee e ad ullie Sey ACooec thc eemcurte 
IF gi wicow .AND,. clinenoes § gn_pseace * gn_atiine + | 
FJECT PASE 
ENSTF 


ENDIF 
DC Upc Vars 
27 Bare nia, 
Nase FUNCTION “TVS0" AT 9,; 
Air used PICTURE "99799959" AT 40, : 
Temperatur FICTURE "9999999999" AT 49,° 
Depth PICTURE "99990" AT 6C,; 
NS eye ees se9een!) Eby 
Tyee PICTURE = 999.9" AT 77 
9 


2? bpech Saver UNCL IGN "7" PICTURE “XNAXNAARRA” Al 9% 
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y FUNCTION 
T 


— 


te da 
ve" 


3h 
tS 


mk 


SUE Las 


t 


Ve Terns 


breey when 


Lol 
_ 
- 


ECT PAGE 


TURN 


- Process pag 


Hoy 

[VATE box 
ESCAPE 
PASE 
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$ dBASE IV .GBE file 


4 


4 c : 
tpact.c 


+r 
= 


c 
~ 


avd stcre 


dh 
owhe 


= 


cua 


ae ed 
te 


ad 
4 ee 


~ 
- 


ATi 
we ft we! 


K 


Fo (a Vvoree 
OR oe 
1 fi 


wv 


t 


{ 


MIN 
8-0 4-9! 


we 


ai) 
\QUALKPT.FRE 


ch 
fe tS 
. 
8 


1. 
sa oe 
% » Sal! 
1 DIY 
Ec 
- 


ce 
Vere imtec 
TO g- 


er 
SET RELATION 


Ld 


i 


Bo VISLATIE 
CET FI! 


ELSE 
Pf VERS \onceemer en: abe 


IF .NOT, BATON=° 
$ Prograbseisess. es 8 
1 Date scares 


1 fcr one cive 
CCSSE SE ESSE: 
PARAPETER BATON 
SSSSSSSES TSS! 
Coe ei? TEMES 
7] ol ee «| oa 
SSSSPSSSS SSG! 


ENDIF 
SESE STSSSS | 


ON ERROR CAN 
return 


$ Notes 
t Pe ay 


rt 
= 4 
- 


e th 


e 
2 


aE Saul 


Lad 


on: 
one) 


a 


ia 


noeje 


] 


g 


a 
‘en, 
ad 


RAMETER 


eect 
oie IER ee 


tas 


4 4 : 
are of tyse 


- 
wd 


CAM 


ahaa 


e nif 
ce ws i 


= ot 
— tot 
r 


ang 

Tire sett 
ON" 

oe 


r 
4 


a 
Sig. 


é 


NOG Reu yy sen7¢ 


here 
Yew 
° 

G yok 
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fp 


t 


SET 


3 
T SPACE OFF 


N 


{ 
a 


re word 


ul 
vet-uc environgert 


EaGAPE (0 Prnabtcrt 


t1 
pel { TALE 
Pete 


The first three paraseter 


gc_talk="QFF° 


DEaCTIVATE k 
DIF 


DEF 

RELEASE “Kk 
ENDIF 

Be talk="QN" 
‘Ss 


ry 


go cate=DATE(} Ak systoz cate ” : : 

cl fangl=.F. bk first and las? pace flag 

gl _prntficg=.f. && Continue printing 2g 

gq} _wider=.7, k& flac fcr checking widow bance 
gn_length=LENigc heading) 4&8 store length cf the HEADING 
gn_jevel=? LR current band being processes 

gn page= pagenc && grab current cage nusoer 
gn_pspace= psoacing &f set current print Spacing 


$-- Set us prececure for gage break 
re = 

gn_atiine=_plength - (_pscacing + 2} 

ON PASE AT LINE gr_atiine ECECT PASE 


t-- Print Report 


t-- File ‘oop 
Do RHELE FOUNS{) .4N0. .NGT, EOFL) .ANS. of opentila 


gn leyel=0 
1 


ENDIF 
gi_widow=.T. ki enasle widow checking 
CONTINUE 

ENDDO 


IF o! prntflg 
DO Ksuse 
IF plinene <= gn_atiine 
EUEC? FACE 
ENDIF 
EOE 
DO Rouge 
DO Reset 
RETURN 
ENDIF 


ON PAGE 
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' Reset 
TURN 
me geee Quel SP} Fes 


- Update suasary fields ans/er calculatec fields. 
(OCEDURE Upd Vars 

TURN 

EOP: Und Vars 


- Set flac te get cut of DO WHILE isop wnen escare is pressed. 
OCEDURE Prnabort 
praitic=.f. 


Mee eemra tie a face Now} AT AA 
Br clapiati, w cacenc) PICTIE *999" <1 9,3 
mual list fers” AT 22 


Re Meiienra ec opepareter OME’ CH! FORM “name> HEADING ‘omme> 
oNOT, gi plein BX. 2m length > 9 
peter SeetGor sys en iy tele SS (orgargie = itace 
S33 : z 2 

YF 

Meira] plein, .cd date} A? 0.: 

mage FUNCTION "T* AT £8; 

BE FUNGTOGN "IT" AT 31. 

mage FUNCTION °T" AT 34 

m GURL NAME” AT 5,3 

COMPANY" AT 17,; 

BATE" AT 29, : 

INSTRUCTORS AT 39 

TURK 

EOF: Poheac 

OCEDURE — Petar] 

 gh_pspace < gn_atline - (_pspacing § 6 + 3} 
IF gi_widow .AND. si:nencton pspace > cn_atline + 


EJSGTRPAGE 
ENDIF 
(DIF 
) Upd Vars 


7? Qual nate FUNGI ION "2" BT o.: 
Coepany FUNCTION "T° AT $7, 
Date AT 29,; 
lnstructor FUNCTION "T° AT 39 

? 

RETURN 

S E0Ps So Devei! 


PROCESUKE Rouse 
q]_fansl=.F, EL Jact pase ‘anished 
” 


RETURN 
$ EGP: Rsues 


PROCEDURE Fofoot 
PRIVATE box, pspacing 
ql _widow=.F. bk sisadle widow checking 
_pspacing=! 
7 
[Pee Nepean pain 
ENDIF 
EJECT FASE 
{-- is the page fueber greater than the ending page 
IF pagerc > pepage 
60710 BOTICS 
SKIP 
gn_level=( 
ENDIF 
}PNOleeOMeResWaahic,. Glass! 
pepacing=gn_osace 
DU Pghead 
ENDIF 
RETURN 
$ EOF: Pofoct 


$-- Frocess page break when PLAIN oction is used. 
PROCEOURE Peslain 

PRIVATE box 

EJECT PAGE 

RETURN 

3 EQP: Poplain 


t-- Reset dBASE environsent orior to calling report 
PROCEDURE Reset 

SET SPACE &gc space. 

SET TALK &gc_talk. 

ON ESCAPE 

ON PASE 

RETURN 

3 EOP: Reset 
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